hash_equals
Description
The hash_equals function of the PHP Hash extension performs a timing attack safe string comparison.
Syntax
hash_equals( string $known_string, string $user_string ): bool
Parameters
known_string
The string of known length to compare against
user_string
The user-supplied string
Return
Returns true when the two strings are equal, false otherwise.
Examples
1 · known_string user_string · equal
<?php
// Same algorithm and same data: the two digests are identical.
$algo1 = "sha384";
$data1 = "mydata";
$algo2 = "sha384";
$data2 = "mydata";
$known_string = hash($algo1, $data1);
$user_string = hash($algo2, $data2);
$return = hash_equals($known_string, $user_string);
var_export($return);
true
2 · known_string user_string · unequal algorithm
<?php
// Different algorithms: the digests differ in both length and content.
$algo1 = "sha384";
$data1 = "mydata";
$algo2 = "md5";
$data2 = "mydata";
$known_string = hash($algo1, $data1);
$user_string = hash($algo2, $data2);
$return = hash_equals($known_string, $user_string);
var_export($return);
false
3 · known_string user_string · unequal data
<?php
// Same algorithm, different data: equal length, different content.
$algo1 = "sha384";
$data1 = "mydata1";
$algo2 = "sha384";
$data2 = "mydata2";
$known_string = hash($algo1, $data1);
$user_string = hash($algo2, $data2);
$return = hash_equals($known_string, $user_string);
var_export($return);
false
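The examples above compare two locally computed digests. The following added example (not part of the original page) shows the case the function is meant for: checking a client-supplied HMAC tag against one computed on the server. The helper name verify_signature, the key and the payload are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not part of PHP): checks a hex HMAC-SHA256 tag
// supplied by a client against the tag computed with a server-side key.
function verify_signature(string $payload, $supplied, string $key): bool
{
    // Request parameters can arrive as arrays or null (e.g. ?sig[]=x).
    // hash_equals() only accepts strings, so reject anything else first.
    if (!is_string($supplied)) {
        return false;
    }

    // The value computed on the server is the known string.
    $expected = hash_hmac('sha256', $payload, $key);

    // Argument order matters: known_string first, user_string second.
    // A plain == or === comparison can stop at the first differing byte,
    // which is the timing difference hash_equals() is designed to avoid.
    return hash_equals($expected, $supplied);
}

// Constructed sample values for the demonstration.
$key     = 'constructed-demo-key';
$payload = '{"order":42,"status":"paid"}';
$valid   = hash_hmac('sha256', $payload, $key);

// Same length as the valid tag, last hex digit changed.
$tampered = substr($valid, 0, -1) . ($valid[-1] === '0' ? '1' : '0');

// Shorter than the valid tag.
$truncated = substr($valid, 0, 32);

$cases = [
    'valid tag'      => $valid,
    'tampered tag'   => $tampered,
    'truncated tag'  => $truncated,
    'non-string tag' => ['x'],
];

foreach ($cases as $label => $tag) {
    echo $label, ': ';
    var_export(verify_signature($payload, $tag, $key));
    echo PHP_EOL;
}
```

Only the valid tag is accepted; the tampered, truncated and non-string tags are all rejected.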